openssl: update to 3.5.5
This release incorporates the following bug fixes and mitigations:
fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification.
(CVE-2025-11187)
fixed Stack buffer overflow in CMS AuthEnvelopedData parsing.
(CVE-2025-15467)
fixed NULL dereference in SSL_CIPHER_find () function on unknown cipher ID.
(CVE-2025-15468)
fixed openssl dgst one-shot codepath silently truncates inputs >16 MiB.
(CVE-2025-15469)
fixed TLS 1.3 CompressedCertificate excessive memory allocation.
(CVE-2025-66199)
fixed Heap out-of-bounds write in BIO_f_linebuffer on short writes.
(CVE-2025-68160)
fixed Unauthenticated/unencrypted trailing bytes with low-level OCB function calls.
(CVE-2025-69418)
fixed Out of bounds write in PKCS12_get_friendlyname () UTF-8 conversion.
(CVE-2025-69419)
fixed Missing ASN1_TYPE validation in TS_RESP_verify_response () function.
(CVE-2025-69420)
fixed NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex () function.
(CVE-2025-69421)
fixed Missing ASN1_TYPE validation in PKCS#12 parsing.
(CVE-2026-22795)
fixed ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes () function.
(CVE-2026-22796)
Adjust patches due to formatting changes.
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21752
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
projects / thirdparty / openwrt.git / commit
